The EU justice and home affairs minister are about to agree on a large-scale banking data sharing plan with the United States. The agreement will have a massive impact on the privacy of banking data of European businesses and citizens.

Background of the deal

It’s everything about SWIFT, a company that handles the bank transactions for thousands of bank, inluding most European banks. SWIFT is based in Belgium but has also a branch in the USA. Under the TFTP programme the US government forced the US branch (which mirrors all data based in Belgium) to allow government access to all these bank transactions in order to help anti-terrorism operations.

SWIFT is now moving all its data centers outside the EU and the US, to Switzerland. In order to continue allowing the US authorities accessing all banking data a high level agreement between the EU and the USA is currently being negotiated. It is likely to be agreed on in the EU council of minister meeting next Monday, 30 November 2009.

Why is the SWIFT deal dangerous?

The move of SWIFT the data server to Switzerland would be an excellent opportunity to stop the nearly unlimited access of US authorities on EU bank transactions. But EU justice and interior minister are apparently keen agree a deal as soon as possible, on 30 November. Why 30 November? Because one day later, on 1 December 2009, the EU’s Lisbon Treaty will be in force and would allow the European Parliament to play a major role in the negotiations of the deal with the USA. A deal one day before will be a slap in the face of democracy in the EU.

SWIFT handles 15 mio bank transactions daily for more than 9000 banks worldwide. Nearly every transnational bank transaction within the EU is recorded in the SWIFT data centers, including amount, sender, recipient, and transaction comments. The agreement will even allow to transmit “other personal data”.

This will allow US authorities to establish a huge data mining database, allowing to query every substantial business link within the EU. No question that the United States will never admit that openly. But data protection agreements should not be based on hope but on principles. The current draft is based on hope.

Is there no opposition to the deal?

When German media reported about the deal about 2 weeks ago some opposition to the deal was raised. Germany, France and Austria seem to had important data protection concerns. Finally it was reported that Germany would even block the deal. Two weeks later all the opposition apparently has disappeared and Germany will now abstain from the vote on Monday, paving the way for the agreement coming into force.

MEPs in the European Parliament have raised concerns as well, but if the deal is agreed before 1st December, there will be no way for them to have a say.

No reciprocity

The most suprising fact related to the EU negotiations with the US is the missing demand of reciprocity. In other words: while the US will be able to access EU banking data no access to US banking data by EU auhtoirties is being foreseen.

Open questions

It is unclear to me what exact legal form the agreement with the United States will have. To my knowledge it will probably not require any ratification by national parliaments. It needs to be seen whether procedures against the deal will be able to be launched at the European Court of Justice. They could potentially be based on the EU’s current, rather strict data protection legislation.